Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My threads have gone unresponded to twice, someone please help


  • This topic is locked This topic is locked

#1
ed_word

ed_word

    Member

  • Member
  • PipPip
  • 13 posts
I understand you are very busy guys and I'm not mad or upset at all, I was just wondering if someone could please look over tis recent hijackthis log and tell me if my computer is infected like I keep getting messages saying it is. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 4:48:44 AM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1153789546\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\common files\aol\1153789546\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\OWNER\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\OWNER\LOCALS~1\Temp\{91EFC222-7C9F-4090-9ADC-47FB3FF9B003}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8978c0422b2348f9bc2e4e3f28503a70
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8978c0422b2348f9bc2e4e3f28503a70
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\OWNER\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\OWNER\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153773838828
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Just had a look at your history here and this is the only thread that I can find in your name and that was responded to, so I have no idea why you claim that staff are not replying to you. Care to explain?

http://www.geekstogo...s...st&p=865495

Where are you getting messages from telling you your PC is infected?
  • 0

#3
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Just had a look at your history here and this is the only thread that I can find in your name and that was responded to, so I have no idea why you claim that staff are not replying to you. Care to explain?

http://www.geekstogo...s...st&p=865495

Where are you getting messages from telling you your PC is infected?

These are the two threads I posted from my own computer.

http://www.geekstogo...me-t146936.html
http://www.geekstogo...howtopic=146049

I post on the Slug name when I am at home cause its automatically logged in there and this name when I am at my sisters house because its logged in here. Sorry for the confusion.
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Well, I don't know the reason, but I would think it might have something to do with the name slug.
  • 0

#5
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hahaha, thanks :whistling:
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
If you want me to do something, you'll have to answer the question posed.

Where are you getting messages from telling you your PC is infected?


  • 0

#7
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Oh, well I was getting a red shield in the bottom right hand corner next to the time with an X in it and it kept having a bubble pop up saying your computer is infected. When I clicked it it installed some sort of registry cleaner that didnt work. I haven't gotten it in awhile though.
  • 0

#8
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Ed

That sounds like a Puper infection.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

A. Please download the 30-day trial version of: AVG Anti Spyware
  • Please install, and update AVG Anti-Spyware/Ewido
  • Load AVGas/Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Close AVGas/Ewido. Do not run it yet.
B. Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

C. Open the SmitfraudFix Folder, (right click and choose Extract All) then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

D. Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

E. Close ALL open Windows / Programmes / Folders.
  • In Safe Mode, load AVGas/Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas/Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
Close AVGas/Ewido and Reboot in Normal Mode.
______________________________

F. Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the Programme and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

G. Please post:
  • c:\rapport.txt
  • AVGas/Ewido log
  • A new HijackThis log (from normal mode).
You may need more than one reply to post the requested logs, otherwise they might get cut off.
  • 0

#9
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry it took so long, I was out of town this weekend. Here are the logs.

RAPPORT.TXT

SmitFraudFix v2.138

Scan done at 18:50:51.31, Sat 02/03/2007
Run from C:\Documents and Settings\OWNER\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#10
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
AVGas/Ewido log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:47:44 PM 2/5/2007

+ Scan result:



C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP167\A0018186.exe -> Hijacker.Agent.is : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP170\A0021384.exe -> Hijacker.Agent.is : Cleaned.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP154\A0016978.exe -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP156\A0017179.exe -> Not-A-Virus.Monitor.Win32.Ardamax.NAA : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP156\A0017180.exe -> Not-A-Virus.Monitor.Win32.Ardamax.NAA : Cleaned.
:mozilla.10:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\OWNER\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\OWNER\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.254:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.210:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.211:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.212:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.213:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.214:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.44:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.223:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.224:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.225:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.226:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.345:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.344:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.100:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.93:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.94:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.95:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.96:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.97:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.99:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.255:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.256:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.220:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.12:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\OWNER\Application Data\Netscape\NSB\Profiles\zt7k232e.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.171:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.172:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.173:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.174:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.244:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.245:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.246:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.247:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.248:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.161:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.162:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.163:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.164:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.166:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.167:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.112:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.115:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.116:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.122:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.124:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.125:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.350:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\OWNER\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.158:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.159:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.130:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.58:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.59:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.60:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.64:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.180:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.181:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.56:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.57:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.278:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.279:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.280:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.281:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.284:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.285:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.346:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.260:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.263:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.368:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.10:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.11:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.12:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.13:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.14:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.15:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.16:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.9:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.101:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.347:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.370:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.42:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.303:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.304:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.305:C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\okes78d7.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP167\A0018187.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP167\A0018188.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{92EC12A7-009B-4D77-899D-FF91068A8284}\RP167\A0018189.exe -> Trojan.ProcKill.DJ : Cleaned.


::Report end
  • 0

Advertisements


#11
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
HijackThis! Log


Logfile of HijackThis v1.99.1
Scan saved at 4:52:52 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1153789546\ee\aolsoftware.exe
c:\program files\common files\aol\1153789546\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\OWNER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\OWNER\LOCALS~1\Temp\{91EFC222-7C9F-4090-9ADC-47FB3FF9B003}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8978c0422b2348f9bc2e4e3f28503a70
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8978c0422b2348f9bc2e4e3f28503a70
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\OWNER\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\OWNER\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153773838828
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
  • 0

#12
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

The logs look quite good, but there are a few adjustments to make. I notice that you have Kaspersky AV, good choice, but you have part of Norton AV 2004 still on your PC. That might cause you a problem in the future ans I recommend uninstalling Norton completely.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
combofix.exe

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the Windows tab, and under the heading of Applications, Utilities uncheck AVGas Anti-Spyware then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back a fresh HijackThis log (from normal mode) and I will take another look.
  • 0

#13
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Everytime I run combofix these 2 things pop up about 20 times.


Posted Image
  • 0

#14
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Looks like your system doesn't like ComboFix.

Try this:

Please run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow. Now click {b}Enter[/b]

This will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:

My Computer > Tools > Folder Options > View > "Uncheck" Hide protected operating system files.

Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:

My Computer > Tools > Folder Options > View > "Uncheck" Hide protected operating system files.

No Windows CD? See here: No Windows CD
  • 0

#15
ed_word

ed_word

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran the scan and it keeps asking me for my windows CD but I do not have my windows cd. I have changed the sourcepath value to C:\ and rebooted and reran the scan and it still asked me for the Windows CD. Any ideas?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP